Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

krb5 config parsing issues when auth_to_local_names is specified #556

Open
antbbn opened this issue Feb 11, 2025 · 0 comments
Open

krb5 config parsing issues when auth_to_local_names is specified #556

antbbn opened this issue Feb 11, 2025 · 0 comments

Comments

@antbbn
Copy link

antbbn commented Feb 11, 2025

I noticed that when auth_to_local_names is specified in the krb5 config parsing results in a panic.
For example adding this to a realm in the test krb5Conf (v8/config/krb5conf_test.go):

        auth_to_local_names = {
                name = othername
        }

Results in:

[antbbn@fedora config]$ go test
--- FAIL: TestResolveRealm (0.00s)
panic: runtime error: index out of range [1] with length 1 [recovered]
	panic: runtime error: index out of range [1] with length 1

goroutine 34 [running]:
testing.tRunner.func1.2({0x5f6200, 0xc000252030})
	/usr/lib/golang/src/testing/testing.go:1631 +0x24a
testing.tRunner.func1()
	/usr/lib/golang/src/testing/testing.go:1634 +0x377
panic({0x5f6200?, 0xc000252030?})
	/usr/lib/golang/src/runtime/panic.go:770 +0x132
github.com/jcmturner/gokrb5/v8/config.(*Realm).parseLines(0xc0003177f8, {0xc0000ac631?, 0x66f2c8?}, {0xc0002701d8?, 0x0?, 0xc00009c370?})
	/home/antbbn/gokrb5/v8/config/krb5conf.go:379 +0xdfe
github.com/jcmturner/gokrb5/v8/config.parseRealms({0xc000270118, 0x1a, 0x36})
	/home/antbbn/gokrb5/v8/config/krb5conf.go:447 +0x39e
github.com/jcmturner/gokrb5/v8/config.NewFromScanner(0xc000317d90)
	/home/antbbn/gokrb5/v8/config/krb5conf.go:591 +0x79e
github.com/jcmturner/gokrb5/v8/config.NewFromReader({0x6709e0?, 0xc0004d76c0?})
	/home/antbbn/gokrb5/v8/config/krb5conf.go:537 +0x68
github.com/jcmturner/gokrb5/v8/config.NewFromString({0x61c065, 0x6e4})
	/home/antbbn/gokrb5/v8/config/krb5conf.go:531 +0x6f
github.com/jcmturner/gokrb5/v8/config.TestResolveRealm(0xc000208000)
	/home/antbbn/gokrb5/v8/config/krb5conf_test.go:644 +0x3b
testing.tRunner(0xc000208000, 0x637cb8)
	/usr/lib/golang/src/testing/testing.go:1689 +0xfb
created by testing.(*T).Run in goroutine 1
	/usr/lib/golang/src/testing/testing.go:1742 +0x390
exit status 2
FAIL	github.com/jcmturner/gokrb5/v8/config	0.020s

The issue seems to stem from the fact that in parseLines when a line with a single } is encountered and the section was not explictly ignored (eg. ignore = true) the line is split and the second element is accessed.

The following diff fixes the issue for my test case and, looking at the docs, I don't think there are other non v4 subsections in [realms] (v4 ones are correctly ignored). Not sure if the panic can be triggered in other sections of krb5.conf.
If you would like me to make a PR i'll be happy to.

diff --git a/v8/config/krb5conf.go b/v8/config/krb5conf.go
index f448c8a..7c7f36e 100644
--- a/v8/config/krb5conf.go
+++ b/v8/config/krb5conf.go
@@ -354,6 +354,9 @@ func (r *Realm) parseLines(name string, lines []string) (err error) {
                        ignore = true
                        err = UnsupportedDirective{"v4 configurations are not supported"}
                }
+               if strings.Contains(line, "auth_to_local_names") {
+                       ignore = true
+               }
                if strings.Contains(line, "{") {
                        c++
                        if ignore {

Some details:
gokrb5 version: master and 8.4.4
go version: go version go1.22.11 linux/amd64 (was unable to install an earlier one)
environment: not relevant for this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@antbbn